[PATCH v4 2/2] nvme: validate FDP configuration descriptor sizes

Keith Busch kbusch at kernel.org
Tue Jun 2 05:19:16 PDT 2026


On Thu, May 28, 2026 at 06:00:02PM +0800, liuxixin wrote:
> @@ -2275,7 +2275,15 @@ static int nvme_query_fdp_granularity(struct nvme_ctrl *ctrl,
>  	desc = log;
>  	end = log + size - sizeof(*h);
>  	for (i = 0; i < fdp_idx; i++) {
> -		log += le16_to_cpu(desc->dsze);
> +		u16 dsze = le16_to_cpu(desc->dsze);
> +
> +		if (!dsze || log + dsze > end) {
> +			dev_warn(ctrl->device,
> +				 "FDP invalid config descriptor at index %d\n", i);
> +			ret = 0;
> +			goto out;
> +		}
> +		log += dsze;
>  		desc = log;
>  		if (log >= end) {
>  			dev_warn(ctrl->device,
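
Review bot: the added bound `log + dsze > end` and the retained `if (log >= end)` just below it do not test the same condition: a descriptor whose dsze lands exactly on end passes the new check and is rejected only by the later one. If the later check is removed, the new comparison needs to be `>=` so that case is still refused. Separately, `!dsze` rejects only zero; a non-zero dsze smaller than the fields read through desc still advances log to an overlapping descriptor, so comparing dsze against a minimum descriptor size here would close that gap.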

I think you can delete this "log >= end" check now that you added the
same check right above.


